CVE-2013-1397

EUVD-2022-3072
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
sensiolabssymfony
2.0.0
sensiolabssymfony
2.0.1
sensiolabssymfony
2.0.2
sensiolabssymfony
2.0.3
sensiolabssymfony
2.0.4
sensiolabssymfony
2.0.5
sensiolabssymfony
2.0.6
sensiolabssymfony
2.0.7
sensiolabssymfony
2.0.8
sensiolabssymfony
2.0.9
sensiolabssymfony
2.0.10
sensiolabssymfony
2.0.11
sensiolabssymfony
2.0.12
sensiolabssymfony
2.0.13
sensiolabssymfony
2.0.14
sensiolabssymfony
2.0.15
sensiolabssymfony
2.0.16
sensiolabssymfony
2.0.17
sensiolabssymfony
2.0.18
sensiolabssymfony
2.0.19
sensiolabssymfony
2.0.20
sensiolabssymfony
2.0.21
sensiolabssymfony
2.1.0
sensiolabssymfony
2.1.1
sensiolabssymfony
2.1.2
sensiolabssymfony
2.1.3
sensiolabssymfony
2.1.4
sensiolabssymfony
2.1.5
sensiolabssymfony
2.1.6
sensiolabssymfony
2.2.0
sensiolabssymfony
2.2.1
sensiolabssymfony
2.2.2
sensiolabssymfony
2.2.3
sensiolabssymfony
2.2.4
sensiolabssymfony
2.2.5
sensiolabssymfony
2.2.6
sensiolabssymfony
2.2.8
sensiolabssymfony
2.2.9
sensiolabssymfony
2.2.10
sensiolabssymfony
2.2.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/51980
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
http://www.securityfocus.com/bid/57574
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
http://secunia.com/advisories/51980
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
http://www.securityfocus.com/bid/57574
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551